cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Import an SSL Private Key

JMorozowski
Active Participant

on ‎08-19-2009 2:30 PM

0 Kudos

Hello. Is it possible to export the Private Key from, say, my J2EE engine (I'm running a dual stack) and import it into my ABAP instance so that both systems use the same Private Key? They both have the same host name.

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (3)

Answers (3)

JMorozowski
Active Participant
‎02-27-2012 8:27 PM
0 Kudos

This is answered. The solution was to create the key in ABAP, get the signed Cert and then export the pair and import it into J2EE.

Show replies
Show replies
Former Member
‎08-29-2009 11:47 AM
0 Kudos

I guess its possible. Please correct me if i am wrong.

Please keep in mind, that simply importing a certificate as a certificate response won't work in this situation, since the public key from your CA and the public key in the individual PSEs already existing on the respective servers won't match.

following steps all the key pairs and certificates that are currently stored in the SSL Server PSEs on the target systems will be removed. If you want to keep them, you'll need to export them to a safe place.

Step 1: import the key pair into a PSE

Since pl.16 of SAPCRYPTOLIB, key pairs given in the format PKCS#12 can be imported into a PSE (note 745063). Since pl.24 of SAPCRYPTOLIB, also the import of key pairs given as PKCS#5, PKCS#8 or OpenSSL-PEM is supported (note 1159829).

Step 2: import the PSE resulting from Step 1) into the system's database All PSEs that are known to transaction STRUST will be exported from the database and distributed to the application servers at system startup. The related PSE files will be overwritten. So, the PSE resulting from the key pair import in step 1) needs to be imported into the database.

You'll need to go through a procedure similar to the one described in note 1178155, step 3.

- Copy the PSE from step 1) to your workstation/PC

- Start transaction STRUST

- Doubleclick the "FILE" icon in the navigation area (left hand side)

- Select the PSE on your workstation/PC

- Execute the menu item "PSE --> save as..." and choose the SSL Server

PSE as target. This will save the PSE from step 1 as SSL Server

standard PSE.

- The following step is a modification from note 1178155 which is

only applicable in your special situation: right mouse button click

on the SSL Server PSE entry in the navigation area. From the context

menu appearing, select "Change".

- Remove the distinguished names from all application server specific

PSEs in the list. Pressing the green tick mark ('save') will remove

all application server specific SSL Server PSEs, so the system is

forced to use the SS Server standard PSE instead.

Don't forget to restart the ICM in order to make your changes become effective.

Regards,

Jazz

Show replies
Show replies
Former Member
‎08-29-2009 9:38 AM
0 Kudos

Hi Jon,

I hope it should be possible.

I have successfully done the other way. i.e Export the key from ABAP stack and put it onto Java stack so that the same certificate is used on both the stacks.

The other way also should be possible. Export the Private key from java stack as a .pfx file and import it into Server PSE in strust.

Let me know if it is successful.

Regards

Raghu.

Show replies
Show replies
Ask a Question